fix(authentication): disable inbound claims mapping to make JWT Beare…

…r scheme parse user ID correctly

src/CrowdParlay.Social.Api/AuthenticationConstants.cs

@@ -3,5 +3,5 @@ namespace CrowdParlay.Social.Api;
 public static class AuthenticationConstants
 {
     public const string CookieAuthenticationUserIdClaim = "user_id";
-    public const string BearerAuthenticationUserIdClaim = "sub";
+    public const string JwtBearerAuthenticationUserIdClaim = "sub";
 }

src/CrowdParlay.Social.Api/Extensions/ClaimsPrincipalExtensions.cs

@@ -8,7 +8,7 @@ public static class ClaimsPrincipalExtensions
     {
         var userIdClaim = principal.Claims.FirstOrDefault(claim => claim.Type
             is AuthenticationConstants.CookieAuthenticationUserIdClaim
-            or AuthenticationConstants.BearerAuthenticationUserIdClaim);
+            or AuthenticationConstants.JwtBearerAuthenticationUserIdClaim);
 
         return Guid.TryParse(userIdClaim?.Value, out var value) ? value : null;
     }

src/CrowdParlay.Social.Api/Extensions/ConfigureAuthenticationExtensions.cs

@@ -19,6 +19,7 @@ public static IServiceCollection ConfigureAuthentication(this IServiceCollection
 
         builder.AddJwtBearer(JwtBearerDefaults.AuthenticationScheme, options =>
         {
+            options.MapInboundClaims = false;
             options.RequireHttpsMetadata = false;
             options.TokenValidationParameters.ValidateAudience = false;
             options.TokenValidationParameters.ValidateIssuer = false;